The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent: Aug. 09, 2016

Filed: May 24, 2013

Applicant: Symantec Corporation, Mountain View, CA (US)

Inventors: David Kane, Los Angeles, CA (US); Wilson Meng, San Gabriel, CA (US)

Assignee: Symantec Corporation, Mountain View, CA (US)

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 21/52 (2013.01);
U.S. Cl.
CPC ...
G06F 21/52 (2013.01);
Abstract

Injected threads are tracked to detect malware that injects malicious code into the address space of a legitimate process. Relationships between threads of processes executing on a client and files stored by the client are mapped to identify files that create threads in executing processes. The address space of a process is analyzed to identify legitimate memory regions in the address space. A suspicious thread referencing a suspicious memory region of the address space outside of the legitimate memory regions is identified. The suspicious memory region is scanned to identify malware. The mapped relationships are used to identify the file that created the thread that referenced the address space in which the malware was identified. The malware in the file is remediated.

